It may surprise some security professionals, but major shifts in critical infrastructure risk often arise not from new threats, but from changes in the infrastructure itself—driven by economic growth, technological innovation, and evolving dependencies. That’s exactly what’s happening in the early years of the Age of AI, where the rise of artificial intelligence has triggered a massive physical build-out of data centers, power systems, and cloud networks that now underpin digital life.
While much has been written in these pages about AI as a threat vector, particularly in cyberspace – most recently this excellent piece from my former DHS colleague, Donna Roy – it is important that we also pay attention to AI’s impact on critical infrastructure itself. Understanding that transformation is essential if we are to secure it effectively.
The core element of the country’s approach to critical infrastructure security and resilience is defining what is critical, establishing working relationships among the parties that own and operate that infrastructure and Federal, state and local governments, and enabling information sharing and analysis to define and monitor the risk to that infrastructure. From there, security and resilience and risk mitigation priorities can be set.
In the Age of AI, there is new work to be done to ensure that what is critical is well understood and strengthen information sharing and operational partnerships amongst entities.
Defining AI Critical Infrastructure
Artificial intelligence has created a massive shift in critical infrastructure. While the large language model producers such as OpenAI, Anthropic, Google, Microsoft and Meta get a lot of the attention in the expansion of AI use, they are only part of what should be considered AI critical infrastructure.
The most visible impacts are the explosion of data centers and the surge in electricity demand they drive. According to the CBRE “North America Data Center Trends H1 2025” report, AI has triggered a construction boom of massive scale. In early 2025 alone, developers were building over 5,200 MW of new data-center capacity—the equivalent of more than 100 million square feet of floor space and enough power to light millions of homes. This surge is driving electricity consumption, and related stress on the electric grid and the infrastructure it depends on, turning AI from a purely digital phenomenon into one of the largest physical infrastructure build-outs in the country.
AI’s reliance on data centers reflects a broader dependence on cloud computing and hyperscale providers like Amazon Web Services and Microsoft Azure. These services rely on terrestrial and undersea fiber networks, physical edge connection points, and a complex semiconductor supply chain—spanning fabrication and packaging plants across Asia and the United States. Cooling, water, and emergency-service systems are also essential to sustain operations. All told, from a critical infrastructure perspective, the operations of artificial intelligence models represent an aggregation of multiple critical infrastructure sectors: IT, Critical Manufacturing, Energy, Telecommunications, and Water and Wastewater sectors, with deep linkages to others.
AI has changed the scale and complexity of these interdependencies, increasing the potential for cascading effects from infrastructure failures. A good example is the major cloud service outages seen in recent weeks. It has also elevated the importance of firms not traditionally viewed as critical infrastructure, including Nvidia, AMD, Equinix, Digital Realty Trust, Schneider Electric, and Fluor. Because of this, any identification and prioritization of Systemically Important Critical Infrastructure must take into consideration what is important for operations of artificial intelligence systems. This includes the technological supply base that enables AI models.
A Security and Resilience Imperative
Knowing what is critical, however, is less important than ensuring that critical infrastructure is secure and resilient and making the necessary investments to protect the availability of that infrastructure to support critical artificial intelligence functions. While the change of risk may not be driven by specific threats, there is no question that threat actors will flock to new critical nodes and it is important that security stays ahead of them. For AI infrastructure, that means ensuring that local law enforcement, emergency management, and emergency services know where key physical nodes are and account for them. It also means that their sustainability is prioritized as a critical component of survivability and resilience in response to natural disasters.
Going further, secure software development, product assurance, and resilient-by-design principles must guide the digital systems that make up AI infrastructure. Adversarial technologies must be kept out, and strong cybersecurity and monitoring must be mandatory. Finally, we need ways to stress-test the AI infrastructure itself, ensuring failures in one component do not cascade into systemwide outages. Recent global technology disruptions have exposed a fragility in our digital ecosystem that demands urgent attention. They have also demonstrated that the potential depth and breadth of consequence of failure within our digital infrastructure is not well understood.
If we fail to treat the need for resilience in the infrastructure that enables AI with the same urgency we apply to defending against AI, we’ll be securing the future’s threats while leaving the future’s foundations exposed. Protecting America’s digital future means mapping, hardening, and stress-testing the systems that make AI possible—before a failure forces us to learn those lessons the hard way.


